<?php
include_once("includes/config.php");
include_once("includes/sessioncontrol.php");
db_connection();
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
if ( !checkSession($username,$password)) {
	//run the query to search for the username and password the match
	$query = "SELECT * FROM tbl_user WHERE username = '$username' AND password = '$password'";
	$result = mysql_query($query) or die ("Unable to verify username and password because : " . mysql_error());
	//this is where the actual verification happens
	
	if(mysql_num_rows($result) != 0) {
		$token = writeSession($username,$password);
		echo "__successful__".$token;  // for correct login response
	}
	else {
		echo "__failed__"; // for incorrect login response
	}
}
else {
	$token = getToken($username,$password);
	echo "__back__".$token; // welcome back
}
db_close();
?> 